What was Dirty COW?

If you’ve been keeping up with recent tech news, you might have heard of an exploit called “Dirty COW.” In this article, I will talk about what Dirty COW is, how to fix it, and what to take away from it.

I should start by talking about what Dirty COW was. Dirty COW refers to a bug in the Linux kernel that was introduced in version 2.6.22 but only recently became exploitable. The bug is a race condition in the kernel subsystem that handles Copy-On-Write of read-only memory mappings, hence the COW in “Dirty COW.” A race condition is a situation in which two or more operations that are supposed to happen in sequence instead happen at the same time, and the way they are handled produces an undesirable outcome. This specific race condition can allow a malicious user on a network to elevate their permissions on, or do other damage to, a computer on said network by tricking the COW system into modifying OS files that would otherwise be read-only, and thus normally not modifiable. There is, however, a fix for this bug, and there have been no reported occurrences of this bug being used in an attack.

If your kernel is up to date, Dirty COW is likely patched. However, if you’re not sure, type “uname -rv” in the terminal to check your kernel release and version. Depending on the distro you’re using, you should go to Canonical, Debian, or Red Hat for information on which kernel versions are patched for each of their distros. Note that if the only computer you have that is running the Linux kernel is a school computer, the kernel is likely up to date and patched against Dirty COW. If you have your own computer running a GNU/Linux distro and your kernel is vulnerable, run “sudo apt-get update && sudo apt-get dist-upgrade” on Debian and Ubuntu distros, or run “sudo dnf upgrade” on Red Hat-based distros. Finally, run “sudo reboot” to reboot your OS so the new kernel is loaded. This command works on every distro.
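The check described above can be scripted. The following is an added example, not part of the original article: it classifies a kernel release string against a fixed version that you supply from your vendor's CVE-2016-5195 page. The function names are hypothetical, and it assumes GNU `sort -V` is available; the only value taken from the article is 2.6.22, the version that introduced the bug.

```shell
#!/bin/sh
# Added example, not from the original article.
INTRODUCED="2.6.22"   # from the article: first kernel version with the bug

# ver_ge A B: succeed when A >= B in GNU `sort -V` (version) order.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# strip_flavour REL: keep the numeric part of a `uname -r` string and drop
# trailing labels such as "-generic" or ".el7.x86_64".
strip_flavour() {
    printf '%s\n' "$1" |
        sed -E 's/^([0-9]+(\.[0-9]+)*(-[0-9]+(\.[0-9]+)*)?).*$/\1/'
}

# classify_kernel REL FIXED: print not-affected, patched or vulnerable.
# FIXED is the first patched version for your distro series, taken from
# the vendor's CVE-2016-5195 page (this script does not know it).
classify_kernel() {
    running=$(strip_flavour "$1")
    if ! ver_ge "$running" "$INTRODUCED"; then
        echo "not-affected"      # older than the release that added the bug
    elif ver_ge "$running" "$2"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Usage: sh dirtycow-check.sh <fixed-version-from-vendor-advisory>
if [ -n "${1:-}" ]; then
    classify_kernel "$(uname -r)" "$1"
fi
```

Compare like with like: if the vendor page lists a package version rather than a “uname -r” release, pass the matching string from your own system as the first argument to classify_kernel instead.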

We can learn a few lessons from this bug, and there are bright sides to it. The important lesson here for everyday users is to make sure they’re keeping everything up to date. And while a crisis was averted, this should serve as a grim reminder to the security community about what can happen if bugs aren’t quickly found and patched. The good news is that open source software is a community by nature, and all who are interested can contribute. Even if you don’t have the technical skills, you can contribute to the software you like with donations, which in turn make the community stronger. This bug also gives affected service providers a reason to update their software, since large networks can’t update haphazardly, and often have to update the software on all of their machines at the same time to minimize downtime and avoid errors. Put simply, this cloud has a silver lining.

For further reference, visit:

https://dirtycow.ninja/

http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-5195.html

https://security-tracker.debian.org/tracker/CVE-2016-5195

https://access.redhat.com/security/cve/CVE-2016-5195

https://www.linux.com/blog/how-bad-dirty-cow
